Auth bypass in Leantime
CVE-2026-15510
A vulnerability was found in Leantime up to 3.8.0. Affected is the function Setting::saveSetting of the component API. The manipulation results in improper authorization. The attack may be performed from remote. The exploit has been made p…
CVSS v3 metric
CVSS v3 base score 6.3 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L.
Affected products
- N/a Leantime — versions 3.0, 3.1, 3.2
Weakness classification (CWE)
References
- cna@vuldb.com (technical-description, vdb-entry)
- cna@vuldb.com (signature, permissions-required)
- cna@vuldb.com (third-party-advisory)
- cna@vuldb.com (third-party-advisory)
- cna@vuldb.com (exploit)
Frequently asked questions
- What is CVE-2026-15510?
- CVE-2026-15510 is a medium-severity vulnerability in Leantime, classified under Incorrect Privilege Assignment. CVSS score: 6.3/10. Published 2026-07-12.
- How severe is CVE-2026-15510?
- Medium severity. CVSS v3 base score is 6.3 out of 10.